• No results found

CONSIDERING THE CLOUD COMPUTING TECHNOLOGY

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "CONSIDERING THE CLOUD COMPUTING TECHNOLOGY"

Copied!
9
0
0

Loading.... (view fulltext now)

Download now ( 9 Page )

Full text

(1)

CONSIDERING THE CLOUD COMPUTING TECHNOLOGY

Mrs. Neepa Shah Ms. Chetna Patel

(Assistant Professor) (Technical Assistant)

Manish Institute of Computer Studies Manish Institute of Computer Studies

(NSVKMS MCA College) (NSVKMS MCA College)

Sankalchand Patel Education Campus Sankalchand Patel Education Campus Gandhinagar – Ambaji State Highway Gandhinagar – Ambaji State Highway Kamana Cross Road, Visnagar. 384315 Kamana Cross Road, Visnagar.384315 ABSTRACT: Cloud computing is basically an Internet-based network made up of large

numbers of servers - mostly based on open standards, modular and inexpensive. Clouds contain vast amounts of information and provide a variety of services to large numbers of people. The benefits of cloud computing are Reduced Data Leakage, Decrease evidence acquisition time, they eliminate or reduce service downtime, they Forensic readiness, they Decrease evidence transfer time the main factor to be discussed is security of cloud computing, which is a risk factor involved in major computing fields.

KEYWORDS: Application, Centralized, Cloud, Data Centre, Security, Service, Technology. HISTORY

The Cloud is a metaphor for the Internet, derived from its common depiction in network diagrams as a cloud outline. The underlying concept dates back to 1960 when Mr John McCarthy opined that "computation may someday be organized as a public utility" and the term The Cloud was already in commercial use around the turn of the 21st century. Cloud computing solutions had started on the market, though most of the focus at this time was on SAAS.2007 saw increased activity, including Goggle, IBM, Oracle, Microsoft, Amazon,

Yahoo and a number of universities embarking on a large scale cloud computing research

(2)

WHAT IS A CLOUD COMPUTING?

• Cloud computing is

1. Internet-(“CLOUD”) based development and 2. Use of computer technology (“COMPUTING”).

• Cloud computing is a general term for anything that involves delivering hosted services over the Internet.

• It is used to describe both a platform and type of application.

• Cloud computing also describes applications that are extended to be accessible through the Internet.

• These cloud applications use large data centers and powerful servers that host Web applications and Web services.

• Anyone with a suitable Internet connection and a standard browser can access a cloud application.

• User of the cloud only care about the service or information they are accessing - be it from their PCs, mobile devices, or anything else connected to the Internet.

WHAT IS DRIVING CLOUD COMPUTING?

The CLOUD COMPUTING is driving in two types of categories. 1. Customer Perspective

2. Vendor Perspective

Customer Perspective:

• In one word: economics

• Faster, simpler, cheaper to use cloud computation.

• No upfront capital required for servers and storage.

(3)

• Application can be run from anywhere.

Vendor Perspective:

• Easier for application vendors to reach new customers.

• Lowest cost way of delivering and supporting applications.

• Ability to use commodity server and storage hardware.

• Ability to drive down data centre operational costs.

Here is the Cloud Computing general Schema Information

TYPES OF SERVICES:

These services are broadly divided into three categories:

(4)

Infrastructure-as-a-Service (IaaS):

Infrastructure-as-a-Service (IaaS) like Amazon Web Service provides virtual servers with unique IP Addresses and blocks of storage on demand. Customers benefit from an API from which they can control their servers. Because customers can pay for exactly the amount of service they use, like for electricity or water, this service is also called utility computing.

Platform-as-a-Service (PaaS):

Platform-as-a-Service (PaaS) is a set of software and development tools hosted on the provider’s servers. Developers can create applications using the provider’s APIs. Google Apps is one of the most famous Platform-as-a-Service Providers. Developers should take notice that there aren’t any interoperability standards, so some providers may not allow you to take your application and put it on another platform.

Software-as-a-Service (SaaS):

Software-as-a-Service (SaaS) is the broadest market. In this case the provider also allows the customer only to use its applications. The software interacts with the user through a user interface. These applications can be anything from web based email, to applications like Twitter, Face book or LinkedIn.

TYPES BY VISIBILITY (DEPLOYMENT MODELS): Public Cloud/External Cloud

Public cloud or External cloud describes cloud computing in the traditional main stream sense, whereby resources are dynamically provisioned on fine-gained, self-service bases over the internet, via web applications/web services from an offsite third party provider who shares resources and bills on fine-gained utility computing bases. Public cloud applications, storage, and other resources are made available to the general public by a service provider. These services are free or offered on a pay-per-use model. Generally, public cloud service providers like Amazon AWS, Microsoft and Google own and operate the infrastructure and offer access only via Internet (direct connectivity is not offered).

Community Cloud

Community cloud shares infrastructure between several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.), whether managed internally or by a third-party and hosted internally or externally. The costs are spread over fewer users than a public cloud (but more than a private cloud), so only some of the cost savings potential of cloud computing are realized.

Hybrid Cloud

(5)

Private Cloud

Private cloud is cloud infrastructure operated solely for a single organization, whether managed internally or by a third-party and hosted internally or externally. Undertaking a private cloud project requires a significant level and degree of engagement to virtualize the business environment, and it will require the organization to revaluate decisions about existing resources. When it is done right, it can have a positive impact on a business, but every one of the steps in the project raises security issues that must be addressed in order to avoid serious vulnerabilities. They have attracted criticism because users "still have to buy, build, and manage them" and thus do not benefit from less hands-on management essentially "[lacking] the economic model that makes cloud computing such an intriguing concept".

HOW DOES CLOUD COMPUTING WORKS?

(6)

A TYPICAL CLOUD COMPUTING SYSTEM

 Soon, there may be an alternative for executives like you. Instead of installing a suite of software for each computer, you'd only have to load one application. That application would allow workers to log into a Web-based service which hosts all the programs the user would need for his or her job. Remote machines owned by another company would run everything from e-mail to word processing to complex data analysis programs. It's called Cloud Computing, and it could change the entire computer industry.

 In a cloud computing system, there's a significant workload shift. Local computers no longer have to do all the heavy lifting when it comes to running applications. The network of computers that make up the cloud handles them instead. Hardware and software demands on the user's side decrease. The only thing the user's computer needs to be able to run is the cloud computing system’s interface software, which can be as simple as a Web browser, and the cloud's network takes care of the rest.

 There’s a good chance you've already used some form of cloud computing. If you have a new-mail account with a Web-based e-mail service like Hotmail, Yahoo! Mail or Gmail, then you’ve had some experience with cloud computing. Instead of running an e-mail program on your computer, you log in to a Web e-mail account remotely. The software and storage for your account doesn't exist on your computer -- it's on the service's computer cloud

SEVEN TECHNICAL SECURITY BENEFITS OF THE CLOUD: 1. CENTRALIZED DATA:

Reduced Data Leakage: This is the benefit we hear most from Cloud providers - and

in our view they are right. How many laptops do we need to lose before we get this? How many backup tapes? The data “landmines” of today could be greatly reduced by the Cloud as thin client technology becomes prevalent. Small, temporary caches on handheld devices or Net book computers pose less risk than transporting data buckets in the form of laptops. Ask the CISO of any large company if all laptops have company ‘mandated’ controls consistently applied; e.g. full disk encryption. You’ll see the answer by looking at the whites of their eyes. Despite best efforts around asset management and endpoint security we continue to see embarrassing and disturbing misses. And what about SMBs? How many use encryption for sensitive data, or even have a data classification policy in place?

Monitoring benefits: Central storage is easier to control and monitor. The flipside is

(7)

2. INCIDENT RESPONSE / FORENSICS:

Forensic readiness: With Infrastructure as a Service (IaaS) providers, We can build a

dedicated forensic server in the same Cloud as our company and place it offline, ready for use when needed. We would only need pay for storage until an incident happens and we need to bring it online. We don’t need to call someone to bring it online or install some kind of remote boot software - We just click a button in the Cloud Providers web interface. If we have multiple incident responders, we can give them a copy of the VM so we can distribute the forensic workload based on the job at hand or as new sources of evidence arise and need analysis. To fully realize this benefit, commercial forensic software vendors would need to move away from archaic, physical dongle based licensing schemes to a network licensing model.

Decrease evidence acquisition time: if a server in the Cloud gets compromised

(i.e. broken into), we can now clone that server at the click of a mouse and make the cloned disks instantly available to our Cloud Forensics server. We didn’t need to ‘find’ storage or have it ‘ready, waiting and unused’ - its just there.

1. Eliminate or reduce service downtime: Note that in the above scenario we

didn’t have to go tell the COO that the system needs to be taken offline for hours whilst we dig around in the RAID Array hoping that our physical acquisition toolkit is compatible (and that the version of RAID firmware isn’t supported by our forensic software). Abstracting the hardware removes a barrier to even doing forensics in some situations.

2. Decrease evidence transfer time: In the same Cloud, bit for bit copies are super

fast - made faster by that replicated, distributed file system my Cloud provider engineered for us. From a network traffic perspective, it may even be free to make the copy in the same Cloud. Without the Cloud, We would have to a lot of time consuming and expensive provisioning of physical devices. We only pay for the storage as long as we need the evidence.

3. Eliminate forensic image verification time: Some Cloud Storage implementations expose a cryptographic checksum or hash. For example, Amazon S3 generates an MD5 hash auto magically when you store an object. In theory you no longer need to generate time-consuming MD5 check sums using external tools – it’s already there.

4. Decrease time to access protected documents: Immense CPU power opens

some doors. Did the suspect password protect a document that is relevant to the investigation? You can now test a wider range of candidate passwords in less time to speed investigations.

3. PASSWORD ASSURANCE TESTING (AKA CRACKING):

Decrease password cracking time: If your organization regularly tests password

strength by running password crackers you can use Cloud Compute to decrease crack time and you only pay for what you use. Ironically, your cracking costs go up as people choose better passwords.

Keep cracking activities to dedicated machines: If today you use a distributed

(8)

4. LOGGING:

‘Unlimited’, pay per drink storage: Logging is often an afterthought, consequently

insufficient disk space is allocated and logging is either non-existent minimal. Cloud Storage changes all this - no more ‘guessing’ how much storage you need for standard logs.

Improve log indexing and search: With your logs in the Cloud you can leverage

Cloud Compute to index those logs in real-time and get the benefit of instant search results. What is different here? The Compute instances can be plumbed inland scale as needed based on the logging load - meaning a true real-time view.

Getting compliant with extended logging: Most modern operating systems

offer extended logging in the form of a C2 audit trail. This is rarely enabled for fear of performance degradation and log size. Now you can ‘opt-in’ easily - if you are willing to pay for the enhanced logging, you can do so. Granular logging makes compliance and investigations easier.

5. IMPROVE THE STATE OF SECURITY SOFTWARE (PERFORMANCE):

Drive vendors to create more efficient security software: Billable CPU cycles get

noticed. More attention will be paid to inefficient processes; e.g. poorly tuned security agents. Process accounting will make a comeback as customers target “expensive” processes. Security vendors that understand how to squeeze the most performance from their software will win.

6. SECURE BUILDS:

Pre-hardened, change control builds: This is primarily a benefit of virtualization

based Cloud Computing. Now you get a chance to start “secure” (by your own definition) - you create your Gold Image VM and clone away. There are ways to do this today with bare-metal OS installs but frequently these require additional 3rd party tools, are time consuming to clone or add yet another agent to each endpoint.

Reduce exposure through patching offline: Gold images can be kept up securely

kept up to date. Offline VMs can be conveniently patched ³off´ the network.

Easier to test impact of security changes: This is a big one. Spin up a copy of your

production environment, implement a security change and test the impact at low cost, with minimal start-up time. This is a big deal and removes a major barrier to ‘doing’ security in production environments.

7. SECURITY TESTING:

Reduce cost of testing security: A SaaS provider only passes on a portion of their

security testing costs. By sharing the same application as a service, you don’t foot the expensive security code review and/or penetration test. Even with Platform as a Service (PaaS) where your developers get to write code, there are potential cost economies of scale (particularly around use of code scanning tools that sweep source code for security weaknesses)

Application:

A Cloud application leverages cloud computing in software architecture, often eliminating the need to install and run the application on the customer’s own computer, thus alleviating the burden of software maintenance, on-going operation, and support. For Example:

• Peer-to-peer / volunteer computing (BOINC, Skype)

• Web applications(Webmail, Facebook, Twitter, You Tube, Yammer)

• Security as a service (Message Labs, Purewire, ScanSafe, Zscaler)

(9)

• Software plus service(Microsoft Online Services)

• Storage [Distributed]

• Content distribution (BitTorrent, Amazon, CloudFront)

•Synchronisation (Dropbox, Live Mesh, SpiderOak, ZumoDrive)

Here are the different organizations which are widely using CLOUD COMPUTING.

CONCLUSION:

• In our view, there are some strong technical security arguments in favour of Cloud Computing - assuming we can find ways to manage the risks. With this new paradigm come challenges and opportunities. The challenges are getting plenty of attention – We’re regularly afforded the opportunity to comment on them.

• Some benefits depend on the Cloud service used and therefore do not apply across the board. For example: We see no solid forensic benefits with SaaS. Also, for space reasons, we’re purposely not including the ‘Flip-Side’ to these benefits.

• We believe the Cloud offers Small and Medium Business major potential security benefits. Frequently SMBs struggle with limited or non-existent.

• In-house INFOSEC resources and budgets. The caveat is that the Cloud market is still very – security offering are somewhat foggy – making selection tricky. Clearly, not all Clouds providers will offer the same security.

REFERENCES: Web guild.org

http://www.webguild.org/

How stuff works.com

http://communication.howstuffworks.com Cloud security.org http://cloudsecurity.org IBM http://www.ibm.com/developerworks/websphere/zones/hipods/ Google suggest http://www.google.com/webhp?complete=1&hl=en

Handbook of Cloud Computing(Borko Furht, 2010)

References

Download now ( PDF - 9 Page - 761.58 KB )

Related documents

The role of thioredoxin and T-type Ca2+ channels in vascular smooth muscle cell proliferation

Findings reported in the current chapter demonstrate that Trx inhibition using high concentrations of AuF or PX-12 increases cell death, whilst lower

The Child, the Pupil, the Citizen: Outlines and Perspectives of a Critical Theory of Citizenship Education

their own and others’ behaviour and its consequences, and learn to distinguish right from wrong’, ‘learn to take turns and share, and challenging negative attitudes

Research on Digital Agricultural Information Resources Sharing Plan Based on Cloud Computing *

Based on cloud computing and virtualization technology, we establish a cloud computing server storage architecture, design deployment of server virtualization service, and

Cloud Computing: The Need for Portability and Interoperability

While considering the above issues of hypervisor and operating system choice and portable programming models, which mainly address application portability, the ability to move

Design and Evaluation of Fusion Approach for Combining Brain and Gaze Inputs for Target Selection

In order to outperform the methods based on gaze only, future hybrid interfaces for target selection could be based on similar fusion approach, rather than on sequential

Data Center. References: IT infrastructure for business development.

THE SCOPE OF THE SERVICES CLOUD COMPUTING Private Cloud Public Cloud Hybrid Cloud Object Storage DATA CENTER IT Equipment Colocation Dedicated Servers Beyond Server

Cloud Computing: Issues Related with Cloud Service Providers

So we need a strong Cloud Deployment Model to make use of the various Cloud Computing companies can use services on a Cloud Service Provider or CSP.. Currently we have

LX100 e-manual D Rev A00 Page 1 of 44 LX100 e-manual

Note: Client and Server mode simulate a VoIP call between two test sets or one test set and a server, and LX100A WiFi Connection LX100A WiFi Ping.. Note: WiFi